Compliance and Security for Financial Services
AWS understands the unique security, regulatory, and compliance obligations financial services institutions face on a global scale. AWS customers can access controls that have been tested and validated by third-party auditors across ISO, PCI, SOC, and other certifications. Internal AWS Financial Services security and compliance experts can also help customers to create scalable, secure cloud platforms specially designed to complement the organization’s security goals, strategies, and tactics, while meeting the strictest regulatory requirements.
Infrastructure and services to elevate security in the cloud
Security and resiliency are our highest priority. We listen closely to our customers to offer both a highly secure cloud computing environment and a range of tools and resources they can leverage to build and implement their own application-level security measures. AWS has achieved a number of internationally recognized certifications and accreditations, demonstrating compliance with third-party assurance frameworks, including those that impact most financial services organizations such as PCI-DSS, SEC Rule 17-a-4(f), Reg SCI, EU Data Protection Directive, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171.
AWS also offers numerous security services to manage access, analyze data for irregular activity with machine learning capabilities, mitigate DDoS attacks, encrypt data, and send alerts whenever changes are made to AWS resources. AWS customers also have access to governance-focused, audit-friendly service features to meet regulations and audit standards.
The same world-class security experts who monitor AWS core infrastructure also build and maintain the broad selection of innovative security services, which help customers simplify meeting their security and regulatory requirements.
AWS Compliance Center
The AWS Compliance Center is an interactive tool that offers a central location to research cloud-related regulatory requirements in 54 countries. The tool helps customers browse country-specific resources, identify local regulatory requirements, and view AWS compliance programs that may apply to that country. As more countries update their technology guidelines, they will be added to the tool to help financial services professionals understand regulatory requirements for adopting the cloud in the geographies where they operate.
AWS Cloud Governance for Financial Services
AWS Cloud Governance for Financial Services is a framework to guide customers in establishing processes and selecting tools to manage and govern their AWS environment. Financial institutions are able to define requirements for security, cost, and ongoing oversight for their cloud journey; ensure processes are optimized and consistently followed; and implement solutions to measure cloud health at scale.
AWS Security Documentation
The security documentation repository shows customers how to configure AWS services to meet their organization’s security and compliance objectives. AWS customers benefit from data centers and network architectures that are built to meet the requirements of the most security-sensitive organizations.
AWS Well-Architected Framework
The AWS Well-Architected Framework has been developed to help cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications. Based on five pillars—operational excellence, security, reliability, performance efficiency, and cost optimization—the framework provides a consistent approach for customers and partners to evaluate architectures and implement designs that will scale over time.
The Financial Services Industry Lens for AWS Well-Architected Framework provides additional best practices for the resiliency, security, and operational performance requirements of financial institutions based on our experience working with global customers in a highly regulated environment.
AWS Artifact tool
The AWS Artifact tool is a globally available customer portal that provides on-demand access to information on AWS policies, processes, and controls. It offers documentation of controls relevant to specific AWS services and validation that AWS controls are operating effectively. Customers can use the reports to align AWS controls to their own control frameworks and verify that AWS controls are performing successfully. View AWS Services in Scope by Compliance Program or access AWS Artifact from the AWS Management Console.
To learn more about how AWS Global infrastructure is designed and built to deliver the most flexible, reliable, scalable, and secure cloud computing environment, visit Infrastructure.AWS